Michael Ströder <michael@stroeder.com> writes:
Simon,
I know *very* little about C programming but...
Simon Josefsson wrote:
I don't think it is unreasonable for a SAN related API to work with zero-terminated strings. The typical SANs like dNSName, rfc822Name, and uniformResourceIdentifier are human readable strings. Most applications will work with the strings in zero-terminated form.
...having implemented a cert parser in Python I'd like to emphasize that the attitude of "Most applications will work" is for me a real show-stopper for deploying GnuTLS especially regarding possible security issues.
In my project experience I saw so many PKI-enabled software packages crashing while handling even perfectly valid certificates (not to speak of malformed certs issued by some commercial CAs).
Sure, but this particular function takes a zero-terminated string, and I believe that this is the simplest for most applications. Hostnames and email addresses are typical things to prompt the user for (using APIs like 'readline', which is what the certtool command line tool does), and such strings are typically stored in a zero-terminated string in C applications.
For other SANs that are binary data, and for applications that use length-value-pairs for the data, I agree that there should be another API as well. There is a ticket for this, and we'll add it as soon as possible. I appreciate that this thread has brought up problems that we can fix.
/Simon
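Added example, not part of the thread and not GnuTLS code: a C helper that converts a length-value SAN (as a certificate parser would hand it over) into the zero-terminated form discussed above, refusing values where the two representations would disagree. The names `san_to_cstring` and `san_status` are hypothetical, the sample values are constructed, and limiting the text SAN types to printable ASCII is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this example (hypothetical names). */
enum san_status {
    SAN_OK = 0,
    SAN_EMBEDDED_NUL = -1,  /* strlen() would report less than the encoded length */
    SAN_TOO_LONG = -2,      /* value plus terminator does not fit the buffer */
    SAN_BAD_CHAR = -3       /* not printable ASCII (assumption of this example) */
};

/* Copy a length-delimited dNSName / rfc822Name / URI value into a
 * zero-terminated buffer only if nothing is lost by doing so. */
static int san_to_cstring(const unsigned char *data, size_t len,
                          char *out, size_t out_size)
{
    size_t i;

    if (out_size == 0 || len >= out_size)
        return SAN_TOO_LONG;
    for (i = 0; i < len; i++) {
        if (data[i] == 0x00)
            return SAN_EMBEDDED_NUL;
        if (data[i] < 0x20 || data[i] > 0x7e)
            return SAN_BAD_CHAR;
    }
    memcpy(out, data, len);
    out[len] = '\0';
    return SAN_OK;
}

int main(void)
{
    /* Constructed sample values, not taken from any real certificate. */
    const unsigned char plain[] = "www.example.com";
    const unsigned char with_nul[] = { 'a', '.', 'b', 0x00, 'c' };
    char buf[64];

    printf("plain:    %d\n",
           san_to_cstring(plain, sizeof plain - 1, buf, sizeof buf));
    printf("with NUL: %d\n",
           san_to_cstring(with_nul, sizeof with_nul, buf, sizeof buf));
    return 0;
}
```

Binary SAN types such as iPAddress cannot go through a helper like this at all and need the length-value API mentioned in the reply.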